none
Disabling autodiscovery

    Вопрос

  • When will we be able to disable autodiscovery in Outlook 2007? This morning I got a delightful scare from Outlook informing me of an SSL certificate name mismatch. Long story short, our local DNS crapped out and it went looking out on the internet for the autodiscover sub-domain. Having never been configured with our registrar, it defaulted to our host IP leading to aforementioned confusion.

    While I'm sure the fine developers in Redmond will pass this off as a mere nuisance, I would point out that a clever man might hijack the domain, as was done to Comcast recently by a bunch of bored teenagers, setup a redirect on the autodiscover sub-domain, and reconfigure Outlook clients to his whim. Seeing as this service is only useful if you're running Exchange 2007, those of us who don't would like a way to patch this security hole.
    9 июля 2008 г. 14:20

Ответы

  • Hi,

     

    What account did the user use in outlook, Exchange account or pop3,etc?

    Autodiscovery is used in Exchange, but I cannot confirm whether it would be used for other application.

     

    The Autodiscovery feature is installed on a Exchange Server 2007 with the Client Access Server role installed. So it is impossible to disable it on Outlook.

     

    Please understand that the Autodiscovery service provides the following information to the Outlook client:

     

    The Autodiscover service uses a user's e-mail address or domain account to automatically configure the user's profile. By using the e-mail address or domain account, the Autodiscover service provides the following information to the client computer that is running Outlook 2007:

    ·         The user’s display name.

    ·         Separate connection settings for internal and external connectivity.

    ·         The location of the user’s Exchange 2007 server that has the Mailbox server role installed.

    ·         The URLs for Exchange features such as free/busy information, UM, and the OAB.

    ·         Outlook Anywhere server settings. Outlook Anywhere was formerly known as RPC over HTTP.

     More information share with you:

    White Paper: Exchange 2007 Autodiscover Service

    http://technet.microsoft.com/en-us/library/bb332063.aspx

     

    Hope it helps.

    Xiu

    11 июля 2008 г. 7:08

Все ответы

  • Hi,

     

    What account did the user use in outlook, Exchange account or pop3,etc?

    Autodiscovery is used in Exchange, but I cannot confirm whether it would be used for other application.

     

    The Autodiscovery feature is installed on a Exchange Server 2007 with the Client Access Server role installed. So it is impossible to disable it on Outlook.

     

    Please understand that the Autodiscovery service provides the following information to the Outlook client:

     

    The Autodiscover service uses a user's e-mail address or domain account to automatically configure the user's profile. By using the e-mail address or domain account, the Autodiscover service provides the following information to the client computer that is running Outlook 2007:

    ·         The user’s display name.

    ·         Separate connection settings for internal and external connectivity.

    ·         The location of the user’s Exchange 2007 server that has the Mailbox server role installed.

    ·         The URLs for Exchange features such as free/busy information, UM, and the OAB.

    ·         Outlook Anywhere server settings. Outlook Anywhere was formerly known as RPC over HTTP.

     More information share with you:

    White Paper: Exchange 2007 Autodiscover Service

    http://technet.microsoft.com/en-us/library/bb332063.aspx

     

    Hope it helps.

    Xiu

    11 июля 2008 г. 7:08
  • Yes, the account is configured for Exchange. No, it is not impossible to disable in Outlook 2007 as it is Outlook that initiates the Autodsicovery process as evidenced by the fact that it still happens despite the absence of an Exchange 2007 server. What you meant to say was "there's no Microsoft-supported way to disable Autodsicovery in Outlook" and I want to know when, if ever, that will change.
    11 июля 2008 г. 13:06
  • Hi,
     
    It is not possible to disable it.
     
    And I found no workaround to disable it.
     
    Best regards,
    Xiu
    14 июля 2008 г. 9:20
  • I realize this may be an old thread and mute point, but will say I believe there is confusion between the autodiscovery and availability service here. Autodiscovery can be disabled on the server side, which would make it unavailable to Outlook 2007 clients. That would have the desired effect...

    10 сентября 2008 г. 14:17
  • Is there a way to disable autodiscovery on an Exchange 2003 server? as we are having the same problem and only have Exchange 2003 server in the domain, we do not, have not, and probably will not have Exchange 2007 within the domain anytime soon.

    2 октября 2008 г. 18:15
  • Is there a way to disable autodiscovery on an Exchange 2003 server? as we are having the same problem and only have Exchange 2003 server in the domain, we do not, have not, and probably will not have Exchange 2007 within the domain anytime soon.


    There is no AutoDiscover service in Exchange 2003.  But Outlook 2007 and 2010 clients will still look for it.  This means if you have a autodiscover.domain.com record in your environment it should go away if not pointed to a valid Exchange 2007/10 server.
    Mike Crowley: MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator
    16 марта 2010 г. 16:59
  • I realize this may be an old thread and mute point, but will say I believe there is confusion between the autodiscovery and availability service here. Autodiscovery can be disabled on the server side, which would make it unavailable to Outlook 2007 clients. That would have the desired effect...


    I am not aware of a way to "disable" AutoDiscover on the server.
    Mike Crowley: MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator
    16 марта 2010 г. 17:00
  • One option to "disable" Outlook from using AutoDiscover would be to set the URLs to invalid values, like this:

    Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://badsetting.fake/Autodiscover/Autodiscover.xml


    Mike Crowley: MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator
    • Предложено в качестве ответа bytebull 2 мая 2010 г. 16:59
    16 марта 2010 г. 17:01
  • I am researching the same problem.  Where do you put this bogus URL value? I have a Windows 7 client using Outlook 2007 and it is a member of a 2008 SBS domain.  The domain is domain1.com.  External website and POP/SMTP mail is domain2.com.  When the SBS server was set up, Exchange was disabled.  However, anticipating that it might be used in the future, domain2.com was added as the Exchange server reference.  On this workstation I have an email account that accesses a Hosted Exchange account at mcfarlen.com.  Anytime Outlook is opened, it connects to the mcfarlen.com account, syncs my mail and everything is good.  However, shortly thereafter a login box pops up asking for credentials to access remote.pakislaw.com.  All I want to do is disable the redundant prompts.  Thank you in advance for any suggestions.
    20 апреля 2010 г. 18:09
  • I am researching the same problem.  Where do you put this bogus URL value? I have a Windows 7 client using Outlook 2007 and it is a member of a 2008 SBS domain.  The domain is domain1.com.  External website and POP/SMTP mail is domain2.com.  When the SBS server was set up, Exchange was disabled.  However, anticipating that it might be used in the future, domain2.com was added as the Exchange server reference.  On this workstation I have an email account that accesses a Hosted Exchange account at mcfarlen.com.  Anytime Outlook is opened, it connects to the mcfarlen.com account, syncs my mail and everything is good.  However, shortly thereafter a login box pops up asking for credentials to access remote.pakislaw.com.  All I want to do is disable the redundant prompts.  Thank you in advance for any suggestions.


    Outlook should only attempt to use autodiscover when setup with an Exchange profile.  If you connect Outlook to your pop/smtp internet service the autodiscover should not interfere.

    to answer your question of "where" do you set this: in the exchange management shell.  just type what i put above.

    also, I would recommend removing the exchange configuration unless you plan to use it.  If you change your mind later, just put in the values then.

    BTW, I WOULD use exchange now.  you can have exchange download your pop mail on user's behalf via the built-in pop3 connector (in sbs). 


    Mike Crowley: MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator
    Check out the new virtualization exams!

  • Thanks for responding.  A colleague of mine had suggested turning off some settings in the SBS 2008 server that had to do with remote access and access to OWA.  One of those toggles specifically pointed to remote.domain2.com.  Once disabled and the server rebooted, the redundant login prompts from Outlook 2007 disappeared.  The fact that my SBS server had Exchange in place, but disabled, did not prevent the autodiscover from trying to access this reference on the server.  That no longer occurs, which is exactly what I wished to achieve.  I have since brought up my Outlook clients with the Host Exchange provider and no spurious login prompts are being received.  Thanks again.
  • Hi gmcfarlen!

    I have the same problem here with one of our costumer. There is a SBS2008 and we had to activate the Exchange Server for the "Status E-Mails"-The users use Outlook with an external Exchange Provider (everthing is still fine) but they get "every minute" this second login promt ....and I don´t know how to disable the (second local Exchange) login prompts for Outlook.

    So please please: Can you tell me which settings/toggles you have turned off?

     

    9 июня 2010 г. 22:04
  • Hi gmcfarlen!

    I have the same problem here with one of our costumer. There is a SBS2008 and we had to activate the Exchange Server for the "Status E-Mails"-The users use Outlook with an external Exchange Provider (everthing is still fine) but they get "every minute" this second login promt ....and I don´t know how to disable the (second local Exchange) login prompts for Outlook.

    So please please: Can you tell me which settings/toggles you have turned off?

     


    See my comments above.  the wizard in SBS to change the internet domain name might include this step, but directly you can "break" (disable) autodiscover via this command:

    Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://badsetting.fake/Autodiscover/Autodiscover.xml



    Mike Crowley
    Check out My Blog!

    9 июня 2010 г. 22:19
  • What about using registry keys to turn off autodiscover or point it to a local xml file:

    http://support.microsoft.com/kb/927481

    http://blogs.technet.com/b/ilvancri/archive/2010/02/03/some-autodiscover-fun.aspx

     

    10 июня 2010 г. 19:08
  • http://support.microsoft.com/kb/956955


    Waardenaam: ExcludeHttpsAutodiscoverDomain
    Waardetype: DWORD
    Waardegegevens: 1

    21 июня 2010 г. 9:04
  • This might be an interesting solution to try.  Where in the registry tree should this be entered?
    24 июня 2010 г. 17:01
  • Sorry, for taking this long to respond.   The following changes helped eliminated the redundant prompts for me;

    I opened the Group Policy Management window on the server and drilled down under Domains and my domain to the entry Windows SBS User Policy.  Under that item is a listing Windows Small Business Server Group Policy Client Side Extensions.  I right-clicked that entry and selected "Edit".  This opened a Group Policy Management Editor window and I selected User Configuration >  Policies > Windows Settings > Internet Explorer Maintenance > URLs.  In the associated right pane is an item titled "Favorites and Links".  In my case there were several entries named "Check E-mail", "Remote Web Workspace" and "Internal Web site".  Each of these had a definition assigned to them that did not exist.  I removed all three of these entries and saved my changes.  I restarted the server and my redundant Outlook prompts at the workstations ceased.

    24 июня 2010 г. 17:36
  • Since upgrading to Outlook 2010 we also receive the SSL mismatch messages on starting Outlook.
    I have added an entry to the hosts file pointing to localhost for the autodiscovery url.
    This also prevents the message from re-occuring.

    Hope this helps someone.

    13 декабря 2010 г. 11:37
  • Thanks Mike for posting this. I have googled quite a lot for this problem, and it seems that most problems users encounter regarding Outlook asking for a password are related to certificate issues, which was not my case.

    Still, my problem is solved with this URL faking trick and users are back to happiness !

    R.

    20 февраля 2011 г. 8:56
  • oops

    • Изменено tarzan_nojane 16 июня 2011 г. 1:48 wrong link
    16 июня 2011 г. 1:44
  • to answer your question of "where" do you set this: in the exchange management shell.  just type what i put above.


     

    Mike Crowley: MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator
    Check out the new virtualization exams!

     

    A bit of a novice here, sorry, but "just type" in the exchange management shell is a bit vague to me

    Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://badsetting.fake/Autodiscover/Autodiscover.xml

    MMC > Exchange System Manager > ???

    Thanks

    Joe 


    SBS 2003 sp2 / Exchange 6.5.7638.1


    16 июня 2011 г. 1:48
  • Your signature states "sbs 2003".  Is this what you are using?  There is no autodiscover service in Exchange 2003.  I said this above (see Tuesday, March 16, 2010).

    Mike Crowley | MVP
    My Blog -- Planet Technologies


    16 июня 2011 г. 2:14
  • Since upgrading to Outlook 2010 we also receive the SSL mismatch messages on starting Outlook.
    I have added an entry to the hosts file pointing to localhost for the autodiscovery url.
    This also prevents the message from re-occuring.

    Hope this helps someone.

    Thank you very much! I had a similar situation. I have a 2003 Exchange server with an Outlook 2007 client. Somehow Outlook was popping up an autodiscover SSL warning. I could not see how or why anywhere, so I simply added the autodiscover URL to the hosts file and the prompt went away! 
    26 августа 2011 г. 13:37
  • None of the above solutions worked.  I appreciate the thought that each person put into their replies, but the bottom line is, nothing in this entire post works.  I really wish I could have manual control of Google's search engine and put this article at about item 9999, because that's how useful it is.  One day search will be useful.  Until then, please people, if you don't actually have a solution, don't post your useless thoughts.  It just slows everyone down.  Sorry, but this is reality.  Again, thanks for the effort.
    22 сентября 2011 г. 2:45
  • None of the above solutions worked.  I appreciate the thought that each person put into their replies, but the bottom line is, nothing in this entire post works.  I really wish I could have manual control of Google's search engine and put this article at about item 9999, because that's how useful it is.  One day search will be useful.  Until then, please people, if you don't actually have a solution, don't post your useless thoughts.  It just slows everyone down.  Sorry, but this is reality.  Again, thanks for the effort.


    You mean none of it worked for you.  Entering Mike's command in the EMS worked great for my clients.

    So, instead of trashing their replies, why don't you provide some meaningful details of your environment and maybe someone can help you.

    Is this an SBS install? What version of Exchange? What version of Outlook?

    And before you post this kind of reply again, perhaps you should take your own advice and don't post a message with your useless thoughts. As you say it just slows everyone down.

    26 октября 2011 г. 14:52
  • I echo your sentiments about the comments of Terrawide.  He is obviously frustrated. Did he join this discussion to just gripe?  I do not see another entry under his identifier that gives any particulars to his situation.  Why complain if you haven't supplied any details to your own environment?   The solution that I described worked in my environment, but may not work in others.  The nature of the forum is to assist each other find possible solutions.  It is not a guarantee of solution.  If Terrawide does not find anything of help in a post, nothing is gained by disparaging the contributors.  If he wants real help, furnish as much detail as possible so the subscribers can help find a solution together.  His decision to criticize the participants, confirms he does not command respect or deserve help. 
    26 октября 2011 г. 15:10
  • There sure are a lot of goofs on the board who have plenty of cerrtifications but no real world experience.  SSL error.  Outllook in not trying to "Autodiscover", it's just reporting an error with the certificate.  The only real way to fix this is to fix your certificate, or fool the certificate (which doesn't seem to work).  God, I'm a newbie.  Heaven help the corporate world if I can figure this out and these guys can't.  When they prepared their SSL the did not specify autodiscover site.  If you let Exchange 2010 prepare the certificate and leave the default "autodiscover.yourdomain.com" as the Autodiscover site, it will work correctly but if you get a certificate for your domain and just apply it or use a wild card, it reports an error.  
    3 февраля 2012 г. 7:12
  • Thanks for contributing nothing to solving this problem.
    3 февраля 2012 г. 7:13
  • Version number are not going to solve this problem.  He's gripping about ... If you don't understand the problem or don't have a solution, move on and stop wasting people time.  I'm sorry but I read these posts and most of the are saying "Outlook doesn't have autodiscover".  They don't understand and it really seems like they are talking down to the frustrated user when in reality, they are not trying to understand the problem.  From what I have read it is a very, very, very common problem and it is very frustrating to read posts from people who think they know it all but apparently can't even read english.  BTW  there are four posts above that with version numbers and it didn't seem to help them.  If you don't understand the problem .  Move on.
    3 февраля 2012 г. 7:19
  • So what was the final conclusion?
    7 июня 2012 г. 16:49
  • Hi Everyone,

    I'm new to this site as well as supporting email related issues at work

    I'm in a similar situation.  Our email system is hosting email addresses of several different domains for different projects.  We are on Exchange 2007 and use Outlook 2010.  A user is getting Security Alert about "DomainName.Org" and "The name of the security certificate is invalid or does not match the name of the site."

    He would click Yes and have no problems accessing.  But it annoys him as this comes up regularly.

    Can someone post an example of what to enter in the Host file to prevent this message from appearing?

    Thank you very much,

    ~C

    4 августа 2012 г. 19:20
  • You can make a hosts file on the client computer.

    make a new entry using notepad...

    127.0.0.1 autodiscover.yourdomain.com

    when your outlook client try to validate your domain it looks locally and will not popup 

    Regards Peter

    21 августа 2012 г. 19:16
  • Thank you Ngregorius,

    In this example, do you just use the internal IP of your exchange server?

    We have our own exchange server and have about 20 employees. I have been digging through all of these threads to see if anyone is having the same issues that I am and has a similar environment. Many folks are close, but too different to compare. We are running Exchange 2003 (Version 6.5.7638.1) which I KNOW DOES NOT HAVE AUTODISCOVER!!! None-the-less, we keep getting this auto-discover error on our Outlook 2010 clients that says 'The name on the security certificate is invalid or does not match the name of this site.' When i check out the certificate, it goes to some web-hosting company in India. When i ping my autodiscover URL i get no response. I also tried pasting my autodiscover URL autodiscover.mycompanydomain.net in Internet Explorer and it redirected me to someone elses web page. The random certificate that we are currently worried about is for *.myhsphere.biz. We are a little worried that we are vulnerable to a 'middle man' attack. Why does this error even show up if we are using Exchange 2003?!? Are we being baited by someone else's mail server? Thoughts anyone?

    22 августа 2012 г. 22:42
  • Just copy as is using 127.0.0.1 just as ngregorious has shown, it works :)
    10 октября 2012 г. 15:53
  • May want to try removing your _autodiscover records from your DNS zone files. If Windows Active Directory, then look under _tcp under your primary internal domain, and if external, work with your domain name host to remove the autodiscover records. Check out http://www.thirdtier.net/2009/02/setting-up-an-external-autodiscover-record-for-sbs-2008/ and http://support.microsoft.com/kb/940881 for hints on what you'll need to clear out of your DNS, or why your Outlook client is grabbing the certificate of your Web host.

    Steven Banks [SBS MVP] Banks Consulting Northwest Inc. http://www.banksnw.com Third Tier | Support for IT Professionals http://www.thirdtier.net Puget Sound Small Business Server User Group http://www.pssbs.org

    5 декабря 2012 г. 17:53
    • Предложено в качестве ответа Clay Johanson 31 августа 2013 г. 19:50
    20 августа 2013 г. 15:32
  • i guess what you are looking is this  http://tipst3r.wordpress.com/tag/turn-off-autodiscover-for-outlook/
    Bingo. This is simple and it works.
    31 августа 2013 г. 19:51